« back to all changes in this revision
Viewing changes to contrib/mod_tls.c
- browse files at revision 53
- compare with another revision
- download diff
- download tarball
- view history from revision 53
- Committer: Package Import Robot
- Author(s): Artur Rona
- Date: 2014-05-18 10:16:34 UTC
- mfrom: (50.1.4 sid)
- Revision ID: package-import@ubuntu.com-20140518101634-omlrnzzqvu8189cl
Tags: 1.3.5~rc4-3ubuntu1
* Merge from Debian unstable. Remaining changes:
- debian/patches/powerpc64le.diff:
+ Patch lib/libltdl/m4/libtool.m4 and configure for ppc64el.
- debian/patches/powerpc64le.diff:
+ Patch lib/libltdl/m4/libtool.m4 and configure for ppc64el.
- files added:
- .pc/4044
- .pc/4044/modules
- contrib/mod_dnsbl
- files removed:
- .pc/CVE-2013-4359.patch
- .pc/CVE-2013-4359.patch/contrib
- .pc/CVE-2013-4359.patch/contrib/mod_sftp
- files modified:
- .pc/applied-patches
added
removed
contrib/mod_tls.c
2
2
* mod_tls - An RFC2228 SSL/TLS module for ProFTPD
3
3
*
4
4
* Copyright (c) 2000-2002 Peter 'Luna' Runestig <peter@runestig.com>
5
* Copyright (c) 2002-2013 TJ Saunders <tj@castaglia.org>
5
* Copyright (c) 2002-2014 TJ Saunders <tj@castaglia.org>
6
6
* All rights reserved.
7
7
*
8
8
* Redistribution and use in source and binary forms, with or without modifi-
56
56
# include <openssl/engine.h>
57
57
# include <openssl/ocsp.h>
58
58
#endif
59
#ifdef PR_USE_OPENSSL_ECC
60
# include <openssl/ec.h>
61
# include <openssl/ecdh.h>
62
#endif /* PR_USE_OPENSSL_ECC */
63
59
64
60
65
#ifdef HAVE_MLOCK
61
66
# include <sys/mman.h>
62
67
#endif
63
68
64
#define MOD_TLS_VERSION "mod_tls/2.4.5"
69
#define MOD_TLS_VERSION "mod_tls/2.6"
65
70
66
71
/* Make sure the version of proftpd is as necessary. */
67
72
#if PROFTPD_VERSION_NUMBER < 0x0001030402
337
342
char *dsa_pkey;
338
343
void *dsa_pkey_ptr;
339
344
345
#ifdef PR_USE_OPENSSL_ECC
346
char *ec_pkey;
347
void *ec_pkey_ptr;
348
#endif /* PR_USE_OPENSSL_ECC */
349
340
350
/* Used for stashing the password for a PKCS12 file, which should
341
351
* contain a certificate. Any passphrase for the private key for that
342
352
* certificate should be in one of the above RSA/DSA buffers.
352
362
353
363
#define TLS_PKEY_USE_RSA 0x0100
354
364
#define TLS_PKEY_USE_DSA 0x0200
365
#define TLS_PKEY_USE_EC 0x0400
355
366
356
367
static tls_pkey_t *tls_pkey_list = NULL;
357
368
static unsigned int tls_npkeys = 0;
373
384
#define TLS_PASSPHRASE_FL_RSA_KEY 0x0001
374
385
#define TLS_PASSPHRASE_FL_DSA_KEY 0x0002
375
386
#define TLS_PASSPHRASE_FL_PKCS12_PASSWD 0x0004
387
#define TLS_PASSPHRASE_FL_EC_KEY 0x0008
376
388
377
389
#define TLS_PROTO_SSL_V3 0x0001
378
390
#define TLS_PROTO_TLS_V1 0x0002
405
417
#define TLS_SESS_CTRL_RENEGOTIATING 0x0200
406
418
#define TLS_SESS_DATA_RENEGOTIATING 0x0400
407
419
#define TLS_SESS_HAVE_CCC 0x0800
420
#define TLS_SESS_VERIFY_SERVER 0x1000
421
#define TLS_SESS_VERIFY_SERVER_NO_DNS 0x2000
408
422
409
423
/* mod_tls option flags */
410
424
#define TLS_OPT_NO_CERT_REQUEST 0x0001
420
434
#define TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS 0x0400
421
435
#define TLS_OPT_VERIFY_CERT_CN 0x0800
422
436
437
/* mod_tls SSCN modes */
438
#define TLS_SSCN_MODE_SERVER 0
439
#define TLS_SSCN_MODE_CLIENT 1
440
static unsigned int tls_sscn_mode = TLS_SSCN_MODE_SERVER;
441
423
442
/* mod_tls cleanup flags */
424
443
#define TLS_CLEANUP_FL_SESS_INIT 0x0001
425
444
429
448
static char *tls_cipher_suite = NULL;
430
449
static char *tls_crl_file = NULL, *tls_crl_path = NULL;
431
450
static char *tls_dhparam_file = NULL;
451
static char *tls_ec_cert_file = NULL, *tls_ec_key_file = NULL;
432
452
static char *tls_dsa_cert_file = NULL, *tls_dsa_key_file = NULL;
433
453
static char *tls_pkcs12_file = NULL;
434
454
static char *tls_rsa_cert_file = NULL, *tls_rsa_key_file = NULL;
489
509
static int tls_get_passphrase(server_rec *, const char *, const char *,
490
510
char *, size_t, int);
491
511
492
static char *tls_get_subj_name(void);
512
static char *tls_get_subj_name(SSL *);
493
513
494
514
static int tls_openlog(void);
495
515
static RSA *tls_rsa_cb(SSL *, int, int);
1022
1042
return res;
1023
1043
}
1024
1044
1025
static unsigned char tls_check_client_cert(SSL *ssl, conn_t *conn) {
1045
static int tls_cert_match_dns_san(pool *p, X509 *cert, const char *dns_name) {
1046
int matched = 0;
1047
#if OPENSSL_VERSION_NUMBER > 0x000907000L
1048
STACK_OF(GENERAL_NAME) *sans;
1049
1050
sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1051
if (sans != NULL) {
1052
register unsigned int i;
1053
int nsans = sk_GENERAL_NAME_num(sans);
1054
1055
for (i = 0; i < nsans; i++) {
1056
GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(sans, i);
1057
1058
if (alt_name->type == GEN_DNS) {
1059
char *dns_san;
1060
size_t dns_sanlen;
1061
1062
dns_san = (char *) ASN1_STRING_data(alt_name->d.ia5);
1063
dns_sanlen = strlen(dns_san);
1064
1065
/* Check for subjectAltName values which contain embedded NULs.
1066
* This can cause verification problems (spoofing), e.g. if the
1067
* string is "www.goodguy.com\0www.badguy.com"; the use of strcmp()
1068
* only checks "www.goodguy.com".
1069
*/
1070
1071
if (ASN1_STRING_length(alt_name->d.ia5) != dns_sanlen) {
1072
tls_log("%s", "cert dNSName SAN contains embedded NULs, "
1073
"rejecting as possible spoof attempt");
1074
tls_log("suspicious dNSName SAN value: '%s'",
1075
get_printable_subjaltname(p, dns_san,
1076
ASN1_STRING_length(alt_name->d.dNSName)));
1077
1078
GENERAL_NAME_free(alt_name);
1079
sk_GENERAL_NAME_free(sans);
1080
return 0;
1081
}
1082
1083
if (strncasecmp(dns_name, dns_san, dns_sanlen + 1) == 0) {
1084
pr_trace_msg(trace_channel, 8,
1085
"found cert dNSName SAN matching '%s'", dns_name);
1086
matched = 1;
1087
1088
} else {
1089
pr_trace_msg(trace_channel, 9,
1090
"cert dNSName SAN '%s' did not match '%s'", dns_san, dns_name);
1091
}
1092
}
1093
1094
GENERAL_NAME_free(alt_name);
1095
1096
if (matched == 1) {
1097
break;
1098
}
1099
}
1100
1101
sk_GENERAL_NAME_free(sans);
1102
}
1103
#endif /* OpenSSL-0.9.7 or later */
1104
1105
return matched;
1106
}
1107
1108
static int tls_cert_match_ip_san(pool *p, X509 *cert, const char *ipstr) {
1109
int matched = 0;
1110
STACK_OF(GENERAL_NAME) *sans;
1111
1112
sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1113
if (sans != NULL) {
1114
register unsigned int i;
1115
int nsans = sk_GENERAL_NAME_num(sans);
1116
1117
for (i = 0; i < nsans; i++) {
1118
GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(sans, i);
1119
1120
if (alt_name->type == GEN_IPADD) {
1121
unsigned char *san_data = NULL;
1122
int have_ipstr = FALSE, san_datalen;
1123
#ifdef PR_USE_IPV6
1124
char san_ipstr[INET6_ADDRSTRLEN + 1] = {'\0'};
1125
#else
1126
char san_ipstr[INET_ADDRSTRLEN + 1] = {'\0'};
1127
#endif /* PR_USE_IPV6 */
1128
1129
san_data = ASN1_STRING_data(alt_name->d.ip);
1130
memset(san_ipstr, '\0', sizeof(san_ipstr));
1131
1132
san_datalen = ASN1_STRING_length(alt_name->d.ip);
1133
if (san_datalen == 4) {
1134
/* IPv4 address */
1135
snprintf(san_ipstr, sizeof(san_ipstr)-1, "%u.%u.%u.%u",
1136
san_data[0], san_data[1], san_data[2], san_data[3]);
1137
have_ipstr = TRUE;
1138
1139
#ifdef PR_USE_IPV6
1140
} else if (san_datalen == 16) {
1141
/* IPv6 address */
1142
1143
if (pr_inet_ntop(AF_INET6, san_data, san_ipstr,
1144
sizeof(san_ipstr)-1) == NULL) {
1145
tls_log("unable to convert cert iPAddress SAN value (length %d) "
1146
"to IPv6 representation: %s", san_datalen, strerror(errno));
1147
1148
} else {
1149
have_ipstr = TRUE;
1150
}
1151
1152
#endif /* PR_USE_IPV6 */
1153
} else {
1154
pr_trace_msg(trace_channel, 3,
1155
"unsupported cert SAN ipAddress length (%d), ignoring",
1156
san_datalen);
1157
continue;
1158
}
1159
1160
if (have_ipstr) {
1161
size_t san_ipstrlen;
1162
1163
san_ipstrlen = strlen(san_ipstr);
1164
1165
if (strncmp(ipstr, san_ipstr, san_ipstrlen + 1) == 0) {
1166
pr_trace_msg(trace_channel, 8,
1167
"found cert iPAddress SAN matching '%s'", ipstr);
1168
matched = 1;
1169
1170
} else {
1171
if (san_datalen == 16) {
1172
/* We need to handle the case where the iPAddress SAN might
1173
* have contained an IPv4-mapped IPv6 adress, and we're
1174
* comparing against an IPv4 address.
1175
*/
1176
if (san_ipstrlen > 7 &&
1177
strncasecmp(san_ipstr, "::ffff:", 7) == 0) {
1178
if (strncmp(ipstr, san_ipstr + 7, san_ipstrlen - 6) == 0) {
1179
pr_trace_msg(trace_channel, 8,
1180
"found cert iPAddress SAN '%s' matching '%s'",
1181
san_ipstr, ipstr);
1182
matched = 1;
1183
}
1184
}
1185
1186
} else {
1187
pr_trace_msg(trace_channel, 9,
1188
"cert iPAddress SAN '%s' did not match '%s'", san_ipstr, ipstr);
1189
}
1190
}
1191
}
1192
}
1193
1194
GENERAL_NAME_free(alt_name);
1195
1196
if (matched == 1) {
1197
break;
1198
}
1199
}
1200
1201
sk_GENERAL_NAME_free(sans);
1202
}
1203
1204
return matched;
1205
}
1206
1207
static int tls_cert_match_cn(pool *p, X509 *cert, const char *name,
1208
int allow_wildcards) {
1209
int matched = 0, idx = -1;
1210
X509_NAME *subj_name = NULL;
1211
X509_NAME_ENTRY *cn_entry = NULL;
1212
ASN1_STRING *cn_asn1 = NULL;
1213
char *cn_str = NULL;
1214
size_t cn_len = 0;
1215
1216
/* Find the position of the CommonName (CN) field within the Subject of
1217
* the cert.
1218
*/
1219
subj_name = X509_get_subject_name(cert);
1220
if (subj_name == NULL) {
1221
pr_trace_msg(trace_channel, 12,
1222
"unable to check certificate CommonName against '%s': "
1223
"unable to get Subject", name);
1224
return 0;
1225
}
1226
1227
idx = X509_NAME_get_index_by_NID(subj_name, NID_commonName, -1);
1228
if (idx < 0) {
1229
pr_trace_msg(trace_channel, 12,
1230
"unable to check certificate CommonName against '%s': "
1231
"no CommoName atribute found", name);
1232
return 0;
1233
}
1234
1235
cn_entry = X509_NAME_get_entry(subj_name, idx);
1236
if (cn_entry == NULL) {
1237
pr_trace_msg(trace_channel, 12,
1238
"unable to check certificate CommonName against '%s': "
1239
"error obtaining CommoName atribute found: %s", name, tls_get_errors());
1240
return 0;
1241
}
1242
1243
/* Convert the CN field to a string, by way of an ASN1 object. */
1244
cn_asn1 = X509_NAME_ENTRY_get_data(cn_entry);
1245
if (cn_asn1 == NULL) {
1246
X509_NAME_ENTRY_free(cn_entry);
1247
1248
pr_trace_msg(trace_channel, 12,
1249
"unable to check certificate CommonName against '%s': "
1250
"error converting CommoName atribute to ASN.1: %s", name,
1251
tls_get_errors());
1252
return 0;
1253
}
1254
1255
cn_str = (char *) ASN1_STRING_data(cn_asn1);
1256
1257
/* Check for CommonName values which contain embedded NULs. This can cause
1258
* verification problems (spoofing), e.g. if the string is
1259
* "www.goodguy.com\0www.badguy.com"; the use of strcmp() only checks
1260
* "www.goodguy.com".
1261
*/
1262
1263
cn_len = strlen(cn_str);
1264
1265
if (ASN1_STRING_length(cn_asn1) != cn_len) {
1266
X509_NAME_ENTRY_free(cn_entry);
1267
1268
tls_log("%s", "cert CommonName contains embedded NULs, rejecting as "
1269
"possible spoof attempt");
1270
tls_log("suspicious CommonName value: '%s'",
1271
get_printable_subjaltname(p, (const char *) cn_str,
1272
ASN1_STRING_length(cn_asn1)));
1273
return 0;
1274
}
1275
1276
/* Yes, this is deliberately a case-insensitive comparison. Most CNs
1277
* contain a hostname (case-insensitive); if they contain an IP address,
1278
* the case-insensitivity won't hurt anything. In fact, it's needed for
1279
* e.g. IPv6 addresses.
1280
*/
1281
if (strncasecmp(name, cn_str, cn_len + 1) == 0) {
1282
matched = 1;
1283
}
1284
1285
if (matched == 0 &&
1286
allow_wildcards) {
1287
1288
/* XXX Implement wildcard checking. */
1289
}
1290
1291
X509_NAME_ENTRY_free(cn_entry);
1292
return matched;
1293
}
1294
1295
static int tls_check_client_cert(SSL *ssl, conn_t *conn) {
1026
1296
X509 *cert = NULL;
1027
unsigned char ok = FALSE, have_cn = FALSE, have_dns_ext = FALSE,
1028
have_ipaddr_ext = FALSE;
1297
unsigned char have_cn = FALSE, have_dns_ext = FALSE, have_ipaddr_ext = FALSE;
1298
int ok = -1;
1029
1299
1030
1300
/* Only perform these more stringent checks if asked to verify clients. */
1031
if (!(tls_flags & TLS_SESS_VERIFY_CLIENT))
1032
return TRUE;
1301
if (!(tls_flags & TLS_SESS_VERIFY_CLIENT)) {
1302
return 0;
1303
}
1033
1304
1034
1305
/* Only perform these checks is configured to do so. */
1035
1306
if (!(tls_opts & TLS_OPT_VERIFY_CERT_FQDN) &&
1036
1307
!(tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) &&
1037
1308
!(tls_opts & TLS_OPT_VERIFY_CERT_CN)) {
1038
return TRUE;
1309
return 0;
1039
1310
}
1040
1311
1041
/* Note: this should _never_ return NULL in this case. */
1042
1312
cert = SSL_get_peer_certificate(ssl);
1313
if (cert == NULL) {
1314
/* This can be null in the case where some anonymous (insecure)
1315
* cipher suite was used.
1316
*/
1317
tls_log("unable to verify '%s': client did not provide certificate",
1318
conn->remote_name);
1319
return -1;
1320
}
1321
1322
/* Check the DNS SANs if configured. */
1323
if (tls_opts & TLS_OPT_VERIFY_CERT_FQDN) {
1324
int matched;
1325
1326
matched = tls_cert_match_dns_san(conn->pool, cert, conn->remote_name);
1327
if (matched == 0) {
1328
tls_log("client cert dNSName SANs do not match remote name '%s'",
1329
conn->remote_name);
1330
return -1;
1331
1332
} else {
1333
tls_log("client cert dNSName SAN matches remote name '%s'",
1334
conn->remote_name);
1335
have_dns_ext = TRUE;
1336
ok = 1;
1337
}
1338
}
1339
1340
/* Check the IP SANs, if configured. */
1341
if (tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) {
1342
int matched;
1343
1344
matched = tls_cert_match_ip_san(conn->pool, cert,
1345
pr_netaddr_get_ipstr(conn->remote_addr));
1346
if (matched == 0) {
1347
tls_log("client cert iPAddress SANs do not match client IP '%s'",
1348
pr_netaddr_get_ipstr(conn->remote_addr));
1349
return -1;
1350
1351
} else {
1352
tls_log("client cert iPAddress SAN matches client IP '%s'",
1353
pr_netaddr_get_ipstr(conn->remote_addr));
1354
have_ipaddr_ext = TRUE;
1355
ok = 1;
1356
}
1357
}
1043
1358
1044
1359
/* Check the CN (Common Name) if configured. */
1045
1360
if (tls_opts & TLS_OPT_VERIFY_CERT_CN) {
1046
X509_NAME *sn;
1047
1048
/* This does NOT increment a reference counter, thus we do NOT want
1049
* call X509_NAME_free() on the returned pointer.
1050
*/
1051
sn = X509_get_subject_name(cert);
1052
if (sn) {
1053
STACK_OF(X509_NAME_ENTRY) *sk_name_ents;
1054
register unsigned int i;
1055
int nents;
1056
1057
/* XXX I don't like this direct access to the entries member */
1058
sk_name_ents = sn->entries;
1059
nents = sk_X509_NAME_ENTRY_num(sk_name_ents);
1060
1061
for (i = 0; i < nents; i++) {
1062
X509_NAME_ENTRY *ent;
1063
int nid;
1064
1065
ent = sk_X509_NAME_ENTRY_value(sk_name_ents, i);
1066
1067
nid = OBJ_obj2nid((ASN1_OBJECT *) X509_NAME_ENTRY_get_object(ent));
1068
if (nid == NID_commonName) {
1069
const char *ptr;
1070
int len;
1071
1072
have_cn = TRUE;
1073
1074
/* XXX I don't like these direct accesses to the data and length
1075
* members.
1076
*/
1077
ptr = (const char *) ent->value->data;
1078
len = ent->value->length;
1079
1080
/* Check for CommonName values which contain embedded NULs. This
1081
* can cause verification problems (spoofing), e.g. if the string is
1082
* "www.goodguy.com\0www.badguy.com"; the use of strcmp() only checks
1083
* "www.goodguy.com".
1084
*/
1085
1086
if (len != strlen(ptr)) {
1087
tls_log("%s", "client cert CommonName contains embedded NULs, "
1088
"rejecting as possible spoof attempt");
1089
tls_log("suspicious CommonName value: '%s'",
1090
get_printable_subjaltname(conn->pool, (const char *) ptr, len));
1091
1092
X509_NAME_ENTRY_free(ent);
1093
return FALSE;
1094
1095
} else {
1096
if (strcmp(ptr, conn->remote_name) != 0) {
1097
tls_log("client cert CommonName value '%s' != client FQDN '%s'",
1098
ptr, conn->remote_name);
1099
1100
X509_NAME_ENTRY_free(ent);
1101
return FALSE;
1102
}
1103
}
1104
1105
tls_log("%s", "client cert CommonName matches client FQDN");
1106
ok = TRUE;
1107
}
1108
1109
if (ok)
1110
break;
1111
}
1112
}
1113
}
1114
1115
/* Next, check the subjectAltName X509v3 extensions, as is proper, for
1116
* the IP address and FQDN.
1117
*/
1118
if ((tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) ||
1119
(tls_opts & TLS_OPT_VERIFY_CERT_FQDN)) {
1120
STACK_OF(GENERAL_NAME) *sk_alt_names;
1121
1122
sk_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1123
if (sk_alt_names) {
1124
register unsigned int i;
1125
int nnames = sk_GENERAL_NAME_num(sk_alt_names);
1126
1127
for (i = 0; i < nnames; i++) {
1128
GENERAL_NAME *name = sk_GENERAL_NAME_value(sk_alt_names, i);
1129
1130
/* Only interested in the DNS and IP address types right now. */
1131
switch (name->type) {
1132
case GEN_DNS:
1133
if (tls_opts & TLS_OPT_VERIFY_CERT_FQDN) {
1134
const char *cert_dns_name = (const char *) name->d.ia5->data;
1135
have_dns_ext = TRUE;
1136
1137
/* Check for subjectAltName values which contain embedded
1138
* NULs. This can cause verification problems (spoofing),
1139
* e.g. if the string is "www.goodguy.com\0www.badguy.com"; the
1140
* use of strcmp() only checks "www.goodguy.com".
1141
*/
1142
1143
if ((size_t) name->d.ia5->length != strlen(cert_dns_name)) {
1144
tls_log("%s", "client cert dNSName contains embedded NULs, "
1145
"rejecting as possible spoof attempt");
1146
tls_log("suspicious dNSName value: '%s'",
1147
get_printable_subjaltname(conn->pool,
1148
(const char *) name->d.ia5->data,
1149
(size_t) name->d.ia5->length));
1150
1151
GENERAL_NAME_free(name);
1152
sk_GENERAL_NAME_free(sk_alt_names);
1153
X509_free(cert);
1154
return FALSE;
1155
1156
} else {
1157
if (strcmp(cert_dns_name, conn->remote_name) != 0) {
1158
tls_log("client cert dNSName value '%s' != client FQDN '%s'",
1159
cert_dns_name, conn->remote_name);
1160
1161
GENERAL_NAME_free(name);
1162
sk_GENERAL_NAME_free(sk_alt_names);
1163
X509_free(cert);
1164
return FALSE;
1165
}
1166
}
1167
1168
tls_log("%s", "client cert dNSName matches client FQDN");
1169
ok = TRUE;
1170
continue;
1171
}
1172
break;
1173
1174
case GEN_IPADD:
1175
if (tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) {
1176
pr_netaddr_t *cert_addr;
1177
unsigned char *cert_data, ipv6_reqd = FALSE;
1178
const char *rep = NULL;
1179
int res;
1180
#ifdef PR_USE_IPV6
1181
char cert_ipstr[INET6_ADDRSTRLEN + 1] = {'\0'};
1182
#else
1183
char cert_ipstr[INET_ADDRSTRLEN + 1] = {'\0'};
1184
#endif /* PR_USE_IPV6 */
1185
1186
cert_data = name->d.ip->data;
1187
memset(cert_ipstr, '\0', sizeof(cert_ipstr));
1188
1189
if (name->d.ip->length == 4) {
1190
/* IPv4 address */
1191
snprintf(cert_ipstr, sizeof(cert_ipstr)-1, "%d.%d.%d.%d",
1192
cert_data[0], cert_data[1], cert_data[2], cert_data[3]);
1193
1194
#ifdef PR_USE_IPV6
1195
} else if (name->d.ip->length == 16) {
1196
1197
/* Make sure that IPv6 support is enabled, at least for the
1198
* scope of these checks, if necessary.
1199
*/
1200
if (pr_netaddr_use_ipv6() == FALSE) {
1201
ipv6_reqd = TRUE;
1202
}
1203
1204
rep = pr_inet_ntop(AF_INET6, cert_data, cert_ipstr,
1205
sizeof(cert_ipstr)-1);
1206
if (rep == NULL) {
1207
tls_log("unable to convert client cert iPAddress value "
1208
"(length %d) to IPv6 representation: %s",
1209
name->d.ip->length, strerror(errno));
1210
1211
GENERAL_NAME_free(name);
1212
sk_GENERAL_NAME_free(sk_alt_names);
1213
X509_free(cert);
1214
return FALSE;
1215
}
1216
#endif /* PR_USE_IPV6 */
1217
1218
} else {
1219
/* Malformed IP address SubjectAltName extension. */
1220
tls_log("unexpected client cert iPAddress value length (%d)",
1221
name->d.ip->length);
1222
1223
GENERAL_NAME_free(name);
1224
sk_GENERAL_NAME_free(sk_alt_names);
1225
X509_free(cert);
1226
return FALSE;
1227
}
1228
1229
have_ipaddr_ext = TRUE;
1230
1231
if (ipv6_reqd) {
1232
pr_netaddr_enable_ipv6();
1233
}
1234
1235
cert_addr = pr_netaddr_get_addr(session.pool, cert_ipstr, NULL);
1236
if (cert_addr == NULL) {
1237
if (ipv6_reqd) {
1238
pr_netaddr_disable_ipv6();
1239
}
1240
1241
tls_log("unable to resolve client cert iPAddress value "
1242
"'%s' to address: %s", cert_ipstr, strerror(errno));
1243
1244
GENERAL_NAME_free(name);
1245
sk_GENERAL_NAME_free(sk_alt_names);
1246
X509_free(cert);
1247
return FALSE;
1248
}
1249
1250
res = pr_netaddr_cmp(cert_addr, conn->remote_addr);
1251
1252
if (ipv6_reqd) {
1253
pr_netaddr_disable_ipv6();
1254
}
1255
1256
if (res != 0) {
1257
tls_log("client cert iPAddress value '%s' != client IP '%s'",
1258
cert_ipstr, pr_netaddr_get_ipstr(conn->remote_addr));
1259
1260
GENERAL_NAME_free(name);
1261
sk_GENERAL_NAME_free(sk_alt_names);
1262
X509_free(cert);
1263
return FALSE;
1264
}
1265
1266
tls_log("client cert iPAddress matches client IP '%s'",
1267
pr_netaddr_get_ipstr(conn->remote_addr));
1268
ok = TRUE;
1269
continue;
1270
}
1271
break;
1272
1273
default:
1274
break;
1275
}
1276
1277
GENERAL_NAME_free(name);
1278
}
1279
1280
sk_GENERAL_NAME_free(sk_alt_names);
1361
int matched;
1362
1363
matched = tls_cert_match_cn(conn->pool, cert, conn->remote_name, TRUE);
1364
if (matched == 0) {
1365
tls_log("client cert CommonName does not match client FQDN '%s'",
1366
conn->remote_name);
1367
return -1;
1368
1369
} else {
1370
tls_log("client cert CommonName matches client FQDN '%s'",
1371
conn->remote_name);
1372
have_cn = TRUE;
1373
ok = 1;
1281
1374
}
1282
1375
}
1283
1376
1288
1381
1289
1382
if ((tls_opts & TLS_OPT_VERIFY_CERT_FQDN) &&
1290
1383
!have_dns_ext) {
1291
tls_log("%s", "client cert missing required X509v3 subjectAltName dNSName");
1384
tls_log("%s", "client cert missing required X509v3 SubjectAltName dNSName");
1292
1385
}
1293
1386
1294
1387
if ((tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) &&
1295
1388
!have_ipaddr_ext) {
1296
tls_log("%s", "client cert missing required X509v3 subjectAltName iPAddress");
1297
}
1298
1299
X509_free(cert);
1300
1301
if (!ok)
1302
return FALSE;
1303
1304
return TRUE;
1389
tls_log("%s", "client cert missing required X509v3 SubjectAltName iPAddress");
1390
}
1391
1392
X509_free(cert);
1393
return ok;
1394
}
1395
1396
static int tls_check_server_cert(SSL *ssl, conn_t *conn) {
1397
X509 *cert = NULL;
1398
int ok = -1;
1399
long verify_result;
1400
1401
/* Only perform these more stringent checks if asked to verify servers. */
1402
if (!(tls_flags & TLS_SESS_VERIFY_SERVER) &&
1403
!(tls_flags & TLS_SESS_VERIFY_SERVER_NO_DNS)) {
1404
return 0;
1405
}
1406
1407
/* Check SSL_get_verify_result */
1408
verify_result = SSL_get_verify_result(ssl);
1409
if (verify_result != X509_V_OK) {
1410
tls_log("unable to verify '%s' server certificate: %s",
1411
conn->remote_name, X509_verify_cert_error_string(verify_result));
1412
return -1;
1413
}
1414
1415
cert = SSL_get_peer_certificate(ssl);
1416
if (cert == NULL) {
1417
/* This can be null in the case where some anonymous (insecure)
1418
* cipher suite was used.
1419
*/
1420
tls_log("unable to verify '%s': server did not provide certificate",
1421
conn->remote_name);
1422
return -1;
1423
}
1424
1425
/* XXX If using OpenSSL-1.0.2/1.1.0, we might be able to use:
1426
* X509_match_host() and X509_match_ip()/X509_match_ip_asc().
1427
*/
1428
1429
ok = tls_cert_match_ip_san(conn->pool, cert,
1430
pr_netaddr_get_ipstr(conn->remote_addr));
1431
if (ok == 0) {
1432
ok = tls_cert_match_cn(conn->pool, cert,
1433
pr_netaddr_get_ipstr(conn->remote_addr), FALSE);
1434
}
1435
1436
if (ok == 0 &&
1437
!(tls_opts & TLS_SESS_VERIFY_SERVER_NO_DNS)) {
1438
int reverse_dns;
1439
const char *remote_name;
1440
1441
reverse_dns = pr_netaddr_set_reverse_dns(TRUE);
1442
1443
/* XXX Should clear the Netaddr cache here, but just for our single
1444
* name. Should be an API for that.
1445
*/
1446
pr_netaddr_clear_cache();
1447
1448
conn->remote_addr->na_have_dnsstr = FALSE;
1449
remote_name = pr_netaddr_get_dnsstr(conn->remote_addr);
1450
pr_netaddr_set_reverse_dns(reverse_dns);
1451
1452
ok = tls_cert_match_dns_san(conn->pool, cert, remote_name);
1453
if (ok == 0) {
1454
ok = tls_cert_match_cn(conn->pool, cert, remote_name, TRUE);
1455
}
1456
}
1457
1458
X509_free(cert);
1459
1460
ok = 0;
1461
return ok;
1305
1462
}
1306
1463
1307
1464
struct tls_pkey_data {
1427
1584
1428
1585
pid = fork();
1429
1586
if (pid < 0) {
1430
pr_log_pri(PR_LOG_ERR, MOD_TLS_VERSION ": error: unable to fork: %s",
1431
strerror(errno));
1587
int xerrno = errno;
1588
1589
pr_log_pri(PR_LOG_ALERT,
1590
MOD_TLS_VERSION ": error: unable to fork: %s", strerror(xerrno));
1591
1592
errno = xerrno;
1432
1593
status = -1;
1433
1594
1434
1595
} else if (pid == 0) {
1437
1598
char *stdin_argv[4];
1438
1599
1439
1600
/* Child process */
1601
session.pid = getpid();
1440
1602
1441
1603
/* Note: there is no need to clean up this temporary pool, as we've
1442
1604
* forked. If the exec call succeeds, this child process will exit
1466
1628
} else if (flags & TLS_PASSPHRASE_FL_DSA_KEY) {
1467
1629
stdin_argv[2] = pstrdup(tmp_pool, "DSA");
1468
1630
1631
} else if (flags & TLS_PASSPHRASE_FL_EC_KEY) {
1632
stdin_argv[2] = pstrdup(tmp_pool, "EC");
1633
1469
1634
} else if (flags & TLS_PASSPHRASE_FL_PKCS12_PASSWD) {
1470
1635
stdin_argv[2] = pstrdup(tmp_pool, "PKCS12");
1471
1636
}
2006
2171
*/
2007
2172
PRIVS_ROOT
2008
2173
if (k->rsa_pkey) {
2009
if (mlock(k->rsa_pkey, k->pkeysz) < 0)
2174
if (mlock(k->rsa_pkey, k->pkeysz) < 0) {
2010
2175
tls_log("error locking passphrase into memory: %s", strerror(errno));
2176
}
2011
2177
}
2012
2178
2013
2179
if (k->dsa_pkey) {
2014
if (mlock(k->dsa_pkey, k->pkeysz) < 0)
2015
tls_log("error locking passphrase into memory: %s", strerror(errno));
2016
}
2180
if (mlock(k->dsa_pkey, k->pkeysz) < 0) {
2181
tls_log("error locking passphrase into memory: %s", strerror(errno));
2182
}
2183
}
2184
2185
# ifdef PR_USE_OPENSSL_ECC
2186
if (k->ec_pkey) {
2187
if (mlock(k->ec_pkey, k->pkeysz) < 0) {
2188
tls_log("error locking passphrase into memory: %s", strerror(errno));
2189
}
2190
}
2191
# endif /* PR_USE_OPENSSL_ECC */
2017
2192
2018
2193
if (k->pkcs12_passwd) {
2019
if (mlock(k->pkcs12_passwd, k->pkeysz) < 0)
2194
if (mlock(k->pkcs12_passwd, k->pkeysz) < 0) {
2020
2195
tls_log("error locking password into memory: %s", strerror(errno));
2196
}
2021
2197
}
2022
2198
PRIVS_RELINQUISH
2023
2199
#endif /* HAVE_MLOCK */
2039
2215
k->dsa_pkey = k->dsa_pkey_ptr = NULL;
2040
2216
}
2041
2217
2218
# ifdef PR_USE_OPENSSL_ECC
2219
if (k->ec_pkey) {
2220
pr_memscrub(k->ec_pkey, k->pkeysz);
2221
free(k->ec_pkey_ptr);
2222
k->ec_pkey = k->ec_pkey_ptr = NULL;
2223
}
2224
# endif /* PR_USE_OPENSSL_ECC */
2225
2042
2226
if (k->pkcs12_passwd) {
2043
2227
pr_memscrub(k->pkcs12_passwd, k->pkeysz);
2044
2228
free(k->pkcs12_passwd_ptr);
2069
2253
return strlen(buf);
2070
2254
}
2071
2255
2256
#ifdef PR_USE_OPENSSL_ECC
2257
if ((k->flags & TLS_PKEY_USE_EC) && k->ec_pkey) {
2258
sstrncpy(buf, k->ec_pkey, buflen);
2259
buf[buflen - 1] = '\0';
2260
return strlen(buf);
2261
}
2262
#endif /* PR_USE_OPENSSL_ECC */
2263
2072
2264
return 0;
2073
2265
}
2074
2266
2098
2290
k->dsa_pkey = k->dsa_pkey_ptr = NULL;
2099
2291
}
2100
2292
2293
#ifdef PR_USE_OPENSSL_ECC
2294
if (k->ec_pkey) {
2295
pr_memscrub(k->ec_pkey, k->pkeysz);
2296
free(k->ec_pkey_ptr);
2297
k->ec_pkey = k->ec_pkey_ptr = NULL;
2298
}
2299
#endif /* PR_USE_OPENSSL_ECC */
2300
2101
2301
if (k->pkcs12_passwd) {
2102
2302
pr_memscrub(k->pkcs12_passwd, k->pkeysz);
2103
2303
free(k->pkcs12_passwd_ptr);
2241
2441
return dh;
2242
2442
}
2243
2443
2444
#ifdef PR_USE_OPENSSL_ECC
2445
static EC_KEY *tls_ecdh_cb(SSL *ssl, int is_export, int keylength) {
2446
static EC_KEY *ecdh = NULL;
2447
static int init = 0;
2448
2449
/* XXX Uses 256-bit key for now. TODO: support other sizes. */
2450
2451
if (init == 0) {
2452
ecdh = EC_KEY_new();
2453
2454
if (ecdh != NULL) {
2455
/* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */
2456
EC_KEY_set_group(ecdh,
2457
EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
2458
}
2459
2460
init = 1;
2461
}
2462
2463
return ecdh;
2464
}
2465
#endif /* PR_USE_OPENSSL_ECC */
2466
2244
2467
/* Post 0.9.7a, RSA blinding is turned on by default, so there is no need to
2245
2468
* do this manually.
2246
2469
*/
2259
2482
rsa = EVP_PKEY_get1_RSA(pkey);
2260
2483
2261
2484
if (rsa) {
2262
if (RSA_blinding_on(rsa, NULL) != 1)
2485
if (RSA_blinding_on(rsa, NULL) != 1) {
2263
2486
tls_log("error setting RSA blinding: %s",
2264
2487
ERR_error_string(ERR_get_error(), NULL));
2265
else
2488
2489
} else {
2266
2490
tls_log("set RSA blinding on");
2491
}
2267
2492
2268
2493
/* Now, "free" the RSA pointer, to properly decrement the reference
2269
2494
* counter.
2488
2713
}
2489
2714
2490
2715
SSL_CTX_set_tmp_dh_callback(ssl_ctx, tls_dh_cb);
2716
#ifdef PR_USE_OPENSSL_ECC
2717
SSL_CTX_set_tmp_ecdh_callback(ssl_ctx, tls_ecdh_cb);
2718
#endif /* PR_USE_OPENSSL_ECC */
2491
2719
2492
2720
if (tls_seed_prng() < 0) {
2493
2721
pr_log_debug(DEBUG1, MOD_TLS_VERSION ": unable to properly seed PRNG");
2499
2727
static int tls_init_server(void) {
2500
2728
config_rec *c = NULL;
2501
2729
char *tls_ca_cert = NULL, *tls_ca_path = NULL, *tls_ca_chain = NULL;
2502
X509 *server_dsa_cert = NULL, *server_rsa_cert = NULL;
2730
X509 *server_ec_cert = NULL, *server_dsa_cert = NULL, *server_rsa_cert = NULL;
2503
2731
int verify_mode = SSL_VERIFY_PEER;
2504
2732
unsigned int tls_protocol = TLS_PROTO_DEFAULT;
2505
2733
2555
2783
PRIVS_RELINQUISH
2556
2784
2557
2785
} else {
2558
2559
/* Default to using locations set in the OpenSSL config file.
2560
*/
2561
2786
/* Default to using locations set in the OpenSSL config file. */
2562
2787
pr_trace_msg(trace_channel, 9,
2563
2788
"using default OpenSSL verification locations (see $SSL_CERT_DIR "
2564
2789
"environment variable)");
2684
2909
/* Assume that, if no separate key files are configured, the keys are
2685
2910
* in the same file as the corresponding certificate.
2686
2911
*/
2687
if (!tls_rsa_key_file)
2688
tls_rsa_key_file = tls_rsa_cert_file;
2689
2690
if (!tls_dsa_key_file)
2691
tls_dsa_key_file = tls_dsa_cert_file;
2912
if (tls_rsa_key_file == NULL) {
2913
tls_rsa_key_file = tls_rsa_cert_file;
2914
}
2915
2916
if (tls_dsa_key_file == NULL) {
2917
tls_dsa_key_file = tls_dsa_cert_file;
2918
}
2919
2920
if (tls_ec_key_file == NULL) {
2921
tls_ec_key_file = tls_ec_cert_file;
2922
}
2692
2923
2693
2924
PRIVS_ROOT
2694
if (tls_rsa_cert_file) {
2925
if (tls_rsa_cert_file != NULL) {
2695
2926
FILE *fh = NULL;
2696
int res;
2927
int res, xerrno;
2697
2928
X509 *cert = NULL;
2698
2929
2699
2930
fh = fopen(tls_rsa_cert_file, "r");
2931
xerrno = errno;
2700
2932
if (fh == NULL) {
2701
2933
PRIVS_RELINQUISH
2702
2934
tls_log("error reading TLSRSACertificateFile '%s': %s", tls_rsa_cert_file,
2703
strerror(errno));
2935
strerror(xerrno));
2936
errno = xerrno;
2704
2937
return -1;
2705
2938
}
2706
2939
2733
2966
server_rsa_cert = cert;
2734
2967
}
2735
2968
2736
if (tls_rsa_key_file) {
2969
if (tls_rsa_key_file != NULL) {
2737
2970
int res;
2738
2971
2739
2972
if (tls_pkey) {
2740
2973
tls_pkey->flags |= TLS_PKEY_USE_RSA;
2741
tls_pkey->flags &= ~TLS_PKEY_USE_DSA;
2974
tls_pkey->flags &= ~(TLS_PKEY_USE_DSA|TLS_PKEY_USE_EC);
2742
2975
}
2743
2976
2744
2977
res = SSL_CTX_use_PrivateKey_file(ssl_ctx, tls_rsa_key_file,
2762
2995
}
2763
2996
}
2764
2997
2765
if (tls_dsa_cert_file) {
2998
if (tls_dsa_cert_file != NULL) {
2766
2999
FILE *fh = NULL;
2767
int res;
3000
int res, xerrno;
2768
3001
X509 *cert = NULL;
2769
3002
2770
3003
fh = fopen(tls_dsa_cert_file, "r");
3004
xerrno = errno;
2771
3005
if (fh == NULL) {
2772
3006
PRIVS_RELINQUISH
2773
3007
tls_log("error reading TLSDSACertificateFile '%s': %s", tls_dsa_cert_file,
2774
strerror(errno));
3008
strerror(xerrno));
3009
errno = xerrno;
2775
3010
return -1;
2776
3011
}
2777
3012
2803
3038
server_dsa_cert = cert;
2804
3039
}
2805
3040
2806
if (tls_dsa_key_file) {
3041
if (tls_dsa_key_file != NULL) {
2807
3042
int res;
2808
3043
2809
3044
if (tls_pkey) {
2810
3045
tls_pkey->flags |= TLS_PKEY_USE_DSA;
2811
tls_pkey->flags &= ~TLS_PKEY_USE_RSA;
3046
tls_pkey->flags &= ~(TLS_PKEY_USE_RSA|TLS_PKEY_USE_EC);
2812
3047
}
2813
3048
2814
3049
res = SSL_CTX_use_PrivateKey_file(ssl_ctx, tls_dsa_key_file,
2832
3067
}
2833
3068
}
2834
3069
2835
if (tls_pkcs12_file) {
3070
#ifdef PR_USE_OPENSSL_ECC
3071
if (tls_ec_cert_file != NULL) {
3072
FILE *fh = NULL;
3073
int res, xerrno;
3074
X509 *cert = NULL;
3075
3076
fh = fopen(tls_ec_cert_file, "r");
3077
xerrno = errno;
3078
if (fh == NULL) {
3079
PRIVS_RELINQUISH
3080
tls_log("error reading TLSECCertificateFile '%s': %s", tls_ec_cert_file,
3081
strerror(xerrno));
3082
errno = xerrno;
3083
return -1;
3084
}
3085
3086
cert = PEM_read_X509(fh, NULL, ssl_ctx->default_passwd_callback,
3087
ssl_ctx->default_passwd_callback_userdata);
3088
if (cert == NULL) {
3089
PRIVS_RELINQUISH
3090
tls_log("error reading TLSECCertificateFile '%s': %s", tls_ec_cert_file,
3091
tls_get_errors());
3092
fclose(fh);
3093
return -1;
3094
}
3095
3096
fclose(fh);
3097
3098
/* SSL_CTX_use_certificate() will increment the refcount on cert, so we
3099
* can safely call X509_free() on it. However, we need to keep that
3100
* pointer around until after the handling of a cert chain file.
3101
*/
3102
res = SSL_CTX_use_certificate(ssl_ctx, cert);
3103
if (res <= 0) {
3104
PRIVS_RELINQUISH
3105
3106
tls_log("error loading TLSECCertificateFile '%s': %s", tls_ec_cert_file,
3107
tls_get_errors());
3108
return -1;
3109
}
3110
3111
server_ec_cert = cert;
3112
}
3113
3114
if (tls_ec_key_file != NULL) {
3115
int res;
3116
3117
if (tls_pkey) {
3118
tls_pkey->flags |= TLS_PKEY_USE_EC;
3119
tls_pkey->flags &= ~(TLS_PKEY_USE_RSA|TLS_PKEY_USE_DSA);
3120
}
3121
3122
res = SSL_CTX_use_PrivateKey_file(ssl_ctx, tls_ec_key_file,
3123
X509_FILETYPE_PEM);
3124
3125
if (res <= 0) {
3126
PRIVS_RELINQUISH
3127
3128
tls_log("error loading TLSECCertificateKeyFile '%s': %s",
3129
tls_ec_key_file, tls_get_errors());
3130
return -1;
3131
}
3132
3133
res = SSL_CTX_check_private_key(ssl_ctx);
3134
if (res != 1) {
3135
PRIVS_RELINQUISH
3136
3137
tls_log("error checking key from TLSECCertificateKeyFile '%s': %s",
3138
tls_ec_key_file, tls_get_errors());
3139
return -1;
3140
}
3141
}
3142
#endif /* PR_USE_OPENSSL_ECC */
3143
3144
if (tls_pkcs12_file != NULL) {
2836
3145
int res;
2837
3146
FILE *fp;
2838
3147
X509 *cert = NULL;
2914
3223
switch (EVP_PKEY_type(pkey->type)) {
2915
3224
case EVP_PKEY_RSA:
2916
3225
tls_pkey->flags |= TLS_PKEY_USE_RSA;
2917
tls_pkey->flags &= ~TLS_PKEY_USE_DSA;
3226
tls_pkey->flags &= ~(TLS_PKEY_USE_DSA|TLS_PKEY_USE_EC);
2918
3227
break;
2919
3228
2920
3229
case EVP_PKEY_DSA:
2921
3230
tls_pkey->flags |= TLS_PKEY_USE_DSA;
2922
tls_pkey->flags &= ~TLS_PKEY_USE_RSA;
2923
break;
3231
tls_pkey->flags &= ~(TLS_PKEY_USE_RSA|TLS_PKEY_USE_EC);
3232
break;
3233
3234
#ifdef PR_USE_OPENSSL_ECC
3235
case EVP_PKEY_EC:
3236
tls_pkey->flags |= TLS_PKEY_USE_EC;
3237
tls_pkey->flags &= ~(TLS_PKEY_USE_RSA|TLS_PKEY_USE_DSA);
3238
break;
3239
#endif /* PR_USE_OPENSSL_ECC */
2924
3240
}
2925
3241
}
2926
3242
2973
3289
case EVP_PKEY_DSA:
2974
3290
server_dsa_cert = cert;
2975
3291
break;
3292
3293
#ifdef PR_USE_OPENSSL_ECC
3294
case EVP_PKEY_EC:
3295
server_ec_cert = cert;
3296
break;
3297
#endif /* PR_USE_OPENSSL_ECC */
2976
3298
}
2977
3299
}
2978
3300
2995
3317
*/
2996
3318
if (tls_rsa_cert_file == NULL &&
2997
3319
tls_dsa_cert_file == NULL &&
3320
tls_ec_cert_file == NULL &&
2998
3321
tls_pkcs12_file == NULL) {
2999
tls_log("no TLSRSACertificateFile, TLSDSACertificateFile, or TLSPKCS12File "
3000
"configured; unable to handle SSL/TLS connections");
3322
tls_log("no TLSRSACertificateFile, TLSDSACertificateFile, "
3323
"TLSECCertificateFile, or TLSPKCS12File configured; "
3324
"unable to handle SSL/TLS connections");
3001
3325
pr_log_pri(PR_LOG_NOTICE, MOD_TLS_VERSION
3002
": no TLSRSACertificateFile, TLSDSACertificateFile, or TLSPKCS12File "
3003
"configured; unable to handle SSL/TLS connections");
3326
": no TLSRSACertificateFile, TLSDSACertificateFile, "
3327
"TLSECCertificateFile or TLSPKCS12File configured; "
3328
"unable to handle SSL/TLS connections");
3004
3329
}
3005
3330
3006
3331
/* Handle a CertificateChainFile. We need to do this here, after the
3084
3409
server_dsa_cert = NULL;
3085
3410
}
3086
3411
3412
#ifdef PR_USE_OPENSSL_ECC
3413
if (server_ec_cert != NULL) {
3414
X509_free(server_ec_cert);
3415
server_ec_cert = NULL;
3416
}
3417
#endif /* PR_USE_OPENSSL_ECC */
3418
3087
3419
/* Set up the CRL. */
3088
3420
if (tls_crl_file || tls_crl_path) {
3089
3421
tls_crl_store = X509_STORE_new();
3147
3479
-1, &tls_module, tls_ctrl_renegotiate_cb, "SSL/TLS renegotiation");
3148
3480
}
3149
3481
}
3150
3151
3482
#endif
3152
3483
3153
3484
return 0;
3372
3703
if (!on_data) {
3373
3704
int reused;
3374
3705
3375
subj = tls_get_subj_name();
3706
subj = tls_get_subj_name(ctrl_ssl);
3376
3707
if (subj)
3377
3708
tls_log("Client: %s", subj);
3378
3709
3379
3710
if (!(tls_opts & TLS_OPT_NO_CERT_REQUEST)) {
3380
3711
3381
/* NOTE: should probably use SSL_get_verify_result() as a last
3382
* sanity check.
3383
*/
3384
3385
3712
/* Now we can go on with our post-handshake, application level
3386
3713
* requirement checks.
3387
3714
*/
3388
if (!tls_check_client_cert(ssl, conn)) {
3715
if (tls_check_client_cert(ssl, conn) < 0) {
3716
tls_end_sess(ssl, PR_NETIO_STRM_CTRL, 0);
3717
ctrl_ssl = NULL;
3389
3718
return -1;
3390
3719
}
3391
3720
}
3544
3873
return 0;
3545
3874
}
3546
3875
3876
static int tls_connect(conn_t *conn) {
3877
int blocking, res = 0, xerrno = 0;
3878
char *subj = NULL;
3879
SSL *ssl = NULL;
3880
BIO *rbio = NULL, *wbio = NULL;
3881
3882
if (!ssl_ctx) {
3883
tls_log("%s", "unable to start session: null SSL_CTX");
3884
return -1;
3885
}
3886
3887
ssl = SSL_new(ssl_ctx);
3888
if (ssl == NULL) {
3889
tls_log("error: unable to start session: %s",
3890
ERR_error_string(ERR_get_error(), NULL));
3891
return -2;
3892
}
3893
3894
/* We deliberately set SSL_VERIFY_NONE here, so that we get to
3895
* determine how to handle the server cert verification result ourselves.
3896
*/
3897
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
3898
3899
/* This works with either rfd or wfd (I hope). */
3900
rbio = BIO_new_socket(conn->rfd, FALSE);
3901
wbio = BIO_new_socket(conn->rfd, FALSE);
3902
SSL_set_bio(ssl, rbio, wbio);
3903
3904
/* If configured, set a timer for the handshake. */
3905
if (tls_handshake_timeout) {
3906
tls_handshake_timer_id = pr_timer_add(tls_handshake_timeout, -1,
3907
&tls_module, tls_handshake_timeout_cb, "SSL/TLS handshake");
3908
}
3909
3910
/* Make sure that TCP_NODELAY is enabled for the handshake. */
3911
pr_inet_set_proto_nodelay(conn->pool, conn, 1);
3912
3913
retry:
3914
3915
blocking = tls_get_block(conn);
3916
if (blocking) {
3917
/* Put the connection in non-blocking mode for the duration of the
3918
* SSL handshake. This lets us handle EAGAIN/retries better (i.e.
3919
* without spinning in a tight loop and consuming the CPU).
3920
*/
3921
pr_inet_set_nonblock(conn->pool, conn);
3922
}
3923
3924
pr_signals_handle();
3925
res = SSL_connect(ssl);
3926
if (res == -1) {
3927
xerrno = errno;
3928
}
3929
3930
if (blocking) {
3931
/* Return the connection to blocking mode. */
3932
pr_inet_set_block(conn->pool, conn);
3933
}
3934
3935
if (res < 1) {
3936
const char *msg = "unable to connect using TLS connection";
3937
int errcode = SSL_get_error(ssl, res);
3938
3939
pr_signals_handle();
3940
3941
if (tls_handshake_timed_out) {
3942
tls_log("TLS negotiation timed out (%u seconds)", tls_handshake_timeout);
3943
tls_end_sess(ssl, PR_NETIO_STRM_DATA, 0);
3944
return -4;
3945
}
3946
3947
switch (errcode) {
3948
case SSL_ERROR_WANT_READ:
3949
tls_readmore(conn->rfd);
3950
goto retry;
3951
3952
case SSL_ERROR_WANT_WRITE:
3953
tls_writemore(conn->rfd);
3954
goto retry;
3955
3956
case SSL_ERROR_ZERO_RETURN:
3957
tls_log("%s: TLS connection closed", msg);
3958
break;
3959
3960
case SSL_ERROR_WANT_X509_LOOKUP:
3961
tls_log("%s: needs X509 lookup", msg);
3962
break;
3963
3964
case SSL_ERROR_SYSCALL: {
3965
/* Check to see if the OpenSSL error queue has info about this. */
3966
int xerrcode = ERR_get_error();
3967
3968
if (xerrcode == 0) {
3969
/* The OpenSSL error queue doesn't have any more info, so we'll
3970
* examine the SSL_connect() return value itself.
3971
*/
3972
3973
if (res == 0) {
3974
/* EOF */
3975
tls_log("%s: received EOF that violates protocol", msg);
3976
3977
} else if (res == -1) {
3978
/* Check errno */
3979
tls_log("%s: system call error: [%d] %s", msg, xerrno,
3980
strerror(xerrno));
3981
}
3982
3983
} else {
3984
tls_log("%s: system call error: %s", msg, tls_get_errors());
3985
}
3986
3987
break;
3988
}
3989
3990
case SSL_ERROR_SSL:
3991
tls_log("%s: protocol error: %s", msg, tls_get_errors());
3992
break;
3993
}
3994
3995
pr_event_generate("mod_tls.data-handshake-failed", &errcode);
3996
3997
tls_end_sess(ssl, PR_NETIO_STRM_DATA, 0);
3998
return -3;
3999
}
4000
4001
/* Disable TCP_NODELAY, now that the handshake is done. */
4002
pr_inet_set_proto_nodelay(conn->pool, conn, 0);
4003
4004
/* Disable the handshake timer. */
4005
pr_timer_remove(tls_handshake_timer_id, &tls_module);
4006
4007
/* Manually update the raw bytes counters with the network IO from the
4008
* SSL handshake.
4009
*/
4010
session.total_raw_in += (BIO_number_read(rbio) +
4011
BIO_number_read(wbio));
4012
session.total_raw_out += (BIO_number_written(rbio) +
4013
BIO_number_written(wbio));
4014
4015
/* Stash the SSL object in the pointers of the correct NetIO streams. */
4016
if (conn == session.d) {
4017
pr_buffer_t *strm_buf;
4018
4019
tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data = (void *) ssl;
4020
4021
/* Clear any data from the NetIO stream buffers which may have been read
4022
* in before the SSL/TLS handshake occurred (Bug#3624).
4023
*/
4024
strm_buf = tls_data_rd_nstrm->strm_buf;
4025
if (strm_buf != NULL) {
4026
strm_buf->current = NULL;
4027
strm_buf->remaining = strm_buf->buflen;
4028
}
4029
}
4030
4031
#if OPENSSL_VERSION_NUMBER == 0x009080cfL
4032
/* In OpenSSL-0.9.8l, SSL session renegotiations are automatically
4033
* disabled. Thus if the admin explicitly configured support for
4034
* client-initiated renegotations via the AllowClientRenegotiations
4035
* TLSOption, then we need to do some hackery to enable renegotiations.
4036
*/
4037
if (tls_opts & TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS) {
4038
ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
4039
}
4040
#endif
4041
4042
subj = tls_get_subj_name(ssl);
4043
if (subj) {
4044
tls_log("Server: %s", subj);
4045
}
4046
4047
if (tls_check_server_cert(ssl, conn) < 0) {
4048
tls_end_sess(ssl, PR_NETIO_STRM_DATA, 0);
4049
return -1;
4050
}
4051
4052
tls_log("%s connection created, using cipher %s (%d bits)",
4053
SSL_get_cipher_version(ssl), SSL_get_cipher_name(ssl),
4054
SSL_get_cipher_bits(ssl, NULL));
4055
4056
return 0;
4057
}
4058
3547
4059
static void tls_cleanup(int flags) {
3548
4060
3549
4061
tls_sess_cache_close();
3807
4319
3808
4320
d = calloc(1, sz + (pagesz-1));
3809
4321
if (d == NULL) {
3810
pr_log_pri(PR_LOG_ERR, "Out of memory!");
4322
pr_log_pri(PR_LOG_ALERT, MOD_TLS_VERSION ": Out of memory!");
3811
4323
pr_session_disconnect(&tls_module, PR_SESS_DISCONNECT_NOMEM, NULL);
3812
4324
}
3813
4325
3835
4347
return pagesz;
3836
4348
}
3837
4349
3838
static char *tls_get_subj_name(void) {
3839
X509 *cert = SSL_get_peer_certificate(ctrl_ssl);
4350
static char *tls_get_subj_name(SSL *ssl) {
4351
X509 *cert = SSL_get_peer_certificate(ssl);
3840
4352
3841
4353
if (cert) {
3842
4354
char *name = tls_x509_name_oneline(X509_get_subject_name(cert));
3913
4425
}
3914
4426
3915
4427
tls_log("%s", "unexpected OpenSSL error, disconnecting");
3916
pr_log_pri(PR_LOG_ERR, "%s", MOD_TLS_VERSION
4428
pr_log_pri(PR_LOG_WARNING, "%s", MOD_TLS_VERSION
3917
4429
": unexpected OpenSSL error, disconnecting");
3918
4430
3919
4431
pr_session_disconnect(&tls_module, PR_SESS_DISCONNECT_BY_APPLICATION, NULL);
6223
6735
6224
6736
/* Cache a pointer to this stream. */
6225
6737
if (nstrm->strm_type == PR_NETIO_STRM_CTRL) {
6738
/* Note: We need to make this more generalized, so that mod_tls can be
6739
* used to open multiple different read/write control streams. To do
6740
* so, we need a small (e.g. 4) array of pr_netio_stream_t pointers
6741
* for both read and write streams, and to iterate through them. Need
6742
* iterate through and set strm_data appropriately in tls_accept(), too.
6743
*
6744
* This will needed to support FTPS connections to backend servers from
6745
* mod_proxy, for example.
6746
*/
6226
6747
if (nstrm->strm_mode == PR_NETIO_IO_RD) {
6227
tls_ctrl_rd_nstrm = nstrm;
6748
if (tls_ctrl_rd_nstrm == NULL) {
6749
tls_ctrl_rd_nstrm = nstrm;
6750
}
6228
6751
}
6229
6752
6230
6753
if (nstrm->strm_mode == PR_NETIO_IO_WR) {
6231
tls_ctrl_wr_nstrm = nstrm;
6754
if (tls_ctrl_wr_nstrm == NULL) {
6755
tls_ctrl_wr_nstrm = nstrm;
6756
}
6232
6757
}
6233
6758
6234
6759
} else if (nstrm->strm_type == PR_NETIO_STRM_DATA) {
6245
6770
* It is quite reasonable for the server to insist that the data
6246
6771
* connection uses a TLS cached session. This might be a cache of a
6247
6772
* previous data connection or of the control connection. If this is
6248
* the reason for the the refusal to allow the data transfer then the
6773
* the reason for the refusal to allow the data transfer then the
6249
6774
* '522' reply should indicate this.
6250
6775
*
6251
6776
* and, from 10.4:
6296
6821
/* Enforce the "data" part of TLSRequired, if configured. */
6297
6822
if (tls_required_on_data == 1 ||
6298
6823
(tls_flags & TLS_SESS_NEED_DATA_PROT)) {
6299
X509 *ctrl_cert = NULL, *data_cert = NULL;
6300
6301
tls_log("%s", "starting TLS negotiation on data connection");
6302
tls_data_need_init_handshake = TRUE;
6303
if (tls_accept(session.d, TRUE) < 0) {
6304
tls_log("%s", "unable to open data connection: TLS negotiation failed");
6305
session.d->xerrno = EPERM;
6306
return -1;
6307
}
6308
6309
/* Make sure that the certificate used, if any, for this data channel
6310
* handshake is the same as that used for the control channel handshake.
6311
* This may be too strict of a requirement, though.
6824
6825
/* XXX How to force 421 response code for failed secure FXP/SSCN? */
6826
6827
/* Directory listings (LIST, MLSD, NLST) are ALWAYS handled in server
6828
* mode, regardless of SSCN mode.
6312
6829
*/
6313
ctrl_cert = SSL_get_peer_certificate(ctrl_ssl);
6314
data_cert = SSL_get_peer_certificate((SSL *) nstrm->strm_data);
6315
6316
if (ctrl_cert && data_cert) {
6317
if (X509_cmp(ctrl_cert, data_cert)) {
6318
X509_free(ctrl_cert);
6319
X509_free(data_cert);
6320
6321
/* Properly shutdown the SSL session. */
6322
tls_end_sess((SSL *) nstrm->strm_data, nstrm->strm_type, 0);
6323
6324
tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data =
6325
nstrm->strm_data = NULL;
6326
6327
tls_log("%s", "unable to open data connection: control/data "
6328
"certificate mismatch");
6329
6330
session.d->xerrno = EPERM;
6331
return -1;
6332
}
6333
}
6830
if (session.curr_cmd_id == PR_CMD_LIST_ID ||
6831
session.curr_cmd_id == PR_CMD_MLSD_ID ||
6832
session.curr_cmd_id == PR_CMD_NLST_ID ||
6833
tls_sscn_mode == TLS_SSCN_MODE_SERVER) {
6834
X509 *ctrl_cert = NULL, *data_cert = NULL;
6835
6836
tls_log("%s", "starting TLS negotiation on data connection");
6837
tls_data_need_init_handshake = TRUE;
6838
if (tls_accept(session.d, TRUE) < 0) {
6839
tls_log("%s",
6840
"unable to open data connection: TLS negotiation failed");
6841
session.d->xerrno = EPERM;
6842
return -1;
6843
}
6844
6845
/* Make sure that the certificate used, if any, for this data channel
6846
* handshake is the same as that used for the control channel handshake.
6847
* This may be too strict of a requirement, though.
6848
*/
6849
ctrl_cert = SSL_get_peer_certificate(ctrl_ssl);
6850
data_cert = SSL_get_peer_certificate((SSL *) nstrm->strm_data);
6851
6852
if (ctrl_cert != NULL &&
6853
data_cert != NULL) {
6854
if (X509_cmp(ctrl_cert, data_cert)) {
6855
X509_free(ctrl_cert);
6856
X509_free(data_cert);
6857
6858
/* Properly shutdown the SSL session. */
6859
tls_end_sess((SSL *) nstrm->strm_data, nstrm->strm_type, 0);
6860
6861
tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data =
6862
nstrm->strm_data = NULL;
6863
6864
tls_log("%s", "unable to open data connection: control/data "
6865
"certificate mismatch");
6866
6867
session.d->xerrno = EPERM;
6868
return -1;
6869
}
6870
6871
if (ctrl_cert)
6872
X509_free(ctrl_cert);
6873
6874
if (data_cert)
6875
X509_free(data_cert);
6876
}
6877
6878
} else if (tls_sscn_mode == TLS_SSCN_MODE_CLIENT) {
6879
tls_log("%s", "making TLS connection for data connection");
6880
if (tls_connect(session.d) < 0) {
6881
tls_log("%s",
6882
"unable to open data connection: TLS connection failed");
6883
session.d->xerrno = EPERM;
6884
return -1;
6885
}
6886
}
6334
6887
6335
6888
#if OPENSSL_VERSION_NUMBER < 0x0090702fL
6336
6889
/* Make sure blinding is turned on. (For some reason, this only seems
6339
6892
tls_blinding_on((SSL *) nstrm->strm_data);
6340
6893
#endif
6341
6894
6342
if (ctrl_cert)
6343
X509_free(ctrl_cert);
6344
6345
if (data_cert)
6346
X509_free(data_cert);
6347
6348
6895
tls_flags |= TLS_SESS_ON_DATA;
6349
6896
}
6350
6897
}
6550
7097
return;
6551
7098
}
6552
7099
6553
tls_ctrl_netio = netio = pr_alloc_netio(permanent_pool);
7100
tls_ctrl_netio = netio = pr_alloc_netio2(permanent_pool, &tls_module);
6554
7101
6555
7102
netio->abort = tls_netio_abort_cb;
6556
7103
netio->close = tls_netio_close_cb;
6564
7111
6565
7112
pr_unregister_netio(PR_NETIO_STRM_CTRL);
6566
7113
6567
if (pr_register_netio(netio, PR_NETIO_STRM_CTRL) < 0)
6568
pr_log_pri(PR_LOG_INFO, MOD_TLS_VERSION ": error registering netio: %s",
7114
if (pr_register_netio(netio, PR_NETIO_STRM_CTRL) < 0) {
7115
pr_log_pri(PR_LOG_NOTICE, MOD_TLS_VERSION ": error registering netio: %s",
6569
7116
strerror(errno));
7117
}
6570
7118
}
6571
7119
6572
7120
static void tls_netio_install_data(void) {
6573
7121
pr_netio_t *netio = tls_data_netio ? tls_data_netio :
6574
(tls_data_netio = pr_alloc_netio(session.pool ? session.pool :
6575
permanent_pool));
7122
(tls_data_netio = pr_alloc_netio2(session.pool ? session.pool :
7123
permanent_pool, &tls_module));
6576
7124
6577
7125
netio->abort = tls_netio_abort_cb;
6578
7126
netio->close = tls_netio_close_cb;
6586
7134
6587
7135
pr_unregister_netio(PR_NETIO_STRM_DATA);
6588
7136
6589
if (pr_register_netio(netio, PR_NETIO_STRM_DATA) < 0)
6590
pr_log_pri(PR_LOG_INFO, MOD_TLS_VERSION ": error registering netio: %s",
7137
if (pr_register_netio(netio, PR_NETIO_STRM_DATA) < 0) {
7138
pr_log_pri(PR_LOG_NOTICE, MOD_TLS_VERSION ": error registering netio: %s",
6591
7139
strerror(errno));
7140
}
6592
7141
}
6593
7142
6594
7143
/* Logging functions
6622
7171
}
6623
7172
6624
7173
static int tls_openlog(void) {
6625
int res = 0;
7174
int res = 0, xerrno;
6626
7175
6627
7176
/* Sanity checks */
6628
7177
tls_logname = get_param_ptr(main_server->conf, "TLSLog", FALSE);
6637
7186
pr_signals_block();
6638
7187
PRIVS_ROOT
6639
7188
res = pr_log_openfile(tls_logname, &tls_logfd, PR_LOG_SYSTEM_MODE);
7189
xerrno = errno;
6640
7190
PRIVS_RELINQUISH
6641
7191
pr_signals_unblock();
6642
7192
7193
errno = xerrno;
6643
7194
return res;
6644
7195
}
6645
7196
7134
7685
*/
7135
7686
if ((tls_required_on_ctrl == 1 ||
7136
7687
tls_required_on_auth == 1) &&
7137
(!tls_flags & TLS_SESS_ON_CTRL)) {
7688
(!(tls_flags & TLS_SESS_ON_CTRL))) {
7138
7689
tls_log("SSL/TLS required but absent on control channel, "
7139
7690
"disconnecting");
7140
7691
pr_response_send(R_530, "%s", _("Login incorrect."));
7274
7825
return PR_HANDLED(cmd);
7275
7826
}
7276
7827
7828
MODRET tls_sscn(cmd_rec *cmd) {
7829
7830
if (tls_engine == FALSE ||
7831
session.rfc2228_mech == NULL ||
7832
strncmp(session.rfc2228_mech, "TLS", 4) != 0) {
7833
return PR_DECLINED(cmd);
7834
}
7835
7836
if (cmd->argc > 2) {
7837
int xerrno = EINVAL;
7838
7839
tls_log("denying malformed SSCN command: '%s %s'", cmd->argv[0], cmd->arg);
7840
pr_response_add_err(R_504, _("%s: %s"), cmd->argv[0], strerror(xerrno));
7841
7842
errno = xerrno;
7843
return PR_ERROR(cmd);
7844
}
7845
7846
if (!dir_check(cmd->tmp_pool, cmd, cmd->group, session.cwd, NULL)) {
7847
int xerrno = EPERM;
7848
7849
pr_log_debug(DEBUG8, "%s denied by <Limit> configuration", cmd->argv[0]);
7850
tls_log("%s denied by <Limit> configuration", cmd->argv[0]);
7851
pr_response_add_err(R_550, _("%s: %s"), cmd->argv[0], strerror(xerrno));
7852
7853
errno = xerrno;
7854
return PR_ERROR(cmd);
7855
}
7856
7857
if (cmd->argc == 1) {
7858
/* Client is querying our SSCN mode. */
7859
pr_response_add(R_200, "%s:%s METHOD", cmd->argv[0],
7860
tls_sscn_mode == TLS_SSCN_MODE_SERVER ? "SERVER" : "CLIENT");
7861
7862
} else {
7863
/* Parameter MUST be one of: "ON", "OFF. */
7864
if (strncmp(cmd->argv[1], "ON", 3) == 0) {
7865
tls_sscn_mode = TLS_SSCN_MODE_CLIENT;
7866
pr_response_add(R_200, "%s:CLIENT METHOD", cmd->argv[0]);
7867
7868
} else if (strncmp(cmd->argv[1], "OFF", 4) == 0) {
7869
tls_sscn_mode = TLS_SSCN_MODE_SERVER;
7870
pr_response_add(R_200, "%s:SERVER METHOD", cmd->argv[0]);
7871
7872
} else {
7873
int xerrno = EINVAL;
7874
7875
tls_log("denying unsupported SSCN command: '%s %s'", cmd->argv[0],
7876
cmd->argv[1]);
7877
pr_response_add_err(R_501, _("%s: %s"), cmd->argv[0], strerror(xerrno));
7878
7879
errno = xerrno;
7880
return PR_ERROR(cmd);
7881
}
7882
}
7883
7884
return PR_HANDLED(cmd);
7885
}
7886
7277
7887
/* Configuration handlers
7278
7888
*/
7279
7889
7529
8139
return PR_HANDLED(cmd);
7530
8140
}
7531
8141
8142
/* usage: TLSECCertificateFile file */
8143
MODRET set_tlseccertfile(cmd_rec *cmd) {
8144
#ifdef PR_USE_OPENSSL_ECC
8145
int res;
8146
8147
CHECK_ARGS(cmd, 1);
8148
CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
8149
8150
PRIVS_ROOT
8151
res = file_exists(cmd->argv[1]);
8152
PRIVS_RELINQUISH
8153
8154
if (!res) {
8155
CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "'", cmd->argv[1],
8156
"' does not exist", NULL));
8157
}
8158
8159
if (*cmd->argv[1] != '/') {
8160
CONF_ERROR(cmd, "parameter must be an absolute path");
8161
}
8162
8163
add_config_param_str(cmd->argv[0], 1, cmd->argv[1]);
8164
return PR_HANDLED(cmd);
8165
#else
8166
CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "The ", cmd->argv[0],
8167
" directive cannot be used on this system, as your OpenSSL version "
8168
"does have EC support", NULL));
8169
#endif /* PR_USE_OPENSSL_ ECC */
8170
}
8171
8172
/* usage: TLSECCertificateKeyFile file */
8173
MODRET set_tlseckeyfile(cmd_rec *cmd) {
8174
#ifdef PR_USE_OPENSSL_ECC
8175
int res;
8176
8177
CHECK_ARGS(cmd, 1);
8178
CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
8179
8180
PRIVS_ROOT
8181
res = file_exists(cmd->argv[1]);
8182
PRIVS_RELINQUISH
8183
8184
if (!res) {
8185
CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "'", cmd->argv[1],
8186
"' does not exist", NULL));
8187
}
8188
8189
if (*cmd->argv[1] != '/') {
8190
CONF_ERROR(cmd, "parameter must be an absolute path");
8191
}
8192
8193
add_config_param_str(cmd->argv[0], 1, cmd->argv[1]);
8194
return PR_HANDLED(cmd);
8195
#else
8196
CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "The ", cmd->argv[0],
8197
" directive cannot be used on this system, as your OpenSSL version "
8198
"does have EC support", NULL));
8199
#endif /* PR_USE_OPENSSL_ ECC */
8200
}
8201
7532
8202
/* usage: TLSEngine on|off */
7533
8203
MODRET set_tlsengine(cmd_rec *cmd) {
7534
8204
int bool = -1;
8077
8747
MODRET set_tlstimeouthandshake(cmd_rec *cmd) {
8078
8748
int timeout = -1;
8079
8749
config_rec *c = NULL;
8080
char *tmp = NULL;
8081
8750
8082
8751
CHECK_ARGS(cmd, 1);
8083
8752
CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
8084
8753
8085
timeout = (int) strtol(cmd->argv[1], &tmp, 10);
8086
8087
if ((tmp && *tmp) || timeout < 0 || timeout > 65535)
8088
CONF_ERROR(cmd, "timeout value must be between 0 and 65535");
8754
if (pr_str_get_duration(cmd->argv[1], &timeout) < 0) {
8755
CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "error parsing timeout value '",
8756
cmd->argv[1], "': ", strerror(errno), NULL));
8757
}
8089
8758
8090
8759
c = add_config_param(cmd->argv[0], 1, NULL);
8091
8760
c->argv[0] = pcalloc(c->pool, sizeof(unsigned int));
8206
8875
return PR_HANDLED(cmd);
8207
8876
}
8208
8877
8878
/* usage: TLSVerifyServer on|NoReverseDNS|off */
8879
MODRET set_tlsverifyserver(cmd_rec *cmd) {
8880
int setting = -1;
8881
config_rec *c = NULL;
8882
8883
CHECK_ARGS(cmd, 1);
8884
CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
8885
8886
setting = get_boolean(cmd, 1);
8887
if (setting == -1) {
8888
if (strcasecmp(cmd->argv[1], "NoReverseDNS") != 0) {
8889
CONF_ERROR(cmd, "expected Boolean parameter");
8890
}
8891
8892
setting = 2;
8893
}
8894
8895
c = add_config_param(cmd->argv[0], 1, NULL);
8896
c->argv[0] = pcalloc(c->pool, sizeof(int));
8897
*((int *) c->argv[0]) = setting;
8898
8899
return PR_HANDLED(cmd);
8900
}
8901
8209
8902
/* Event handlers
8210
8903
*/
8211
8904
8259
8952
8260
8953
res = RAND_write_file(tls_rand_file);
8261
8954
if (res < 0) {
8262
pr_log_pri(PR_LOG_NOTICE, MOD_TLS_VERSION
8955
pr_log_pri(PR_LOG_WARNING, MOD_TLS_VERSION
8263
8956
": error writing PRNG seed data to '%s': %s", tls_rand_file,
8264
8957
tls_get_errors());
8265
8958
8386
9079
char buf[256];
8387
9080
8388
9081
for (s = (server_rec *) server_list->xas_list; s; s = s->next) {
8389
config_rec *rsa = NULL, *dsa = NULL, *pkcs12 = NULL;
9082
config_rec *rsa = NULL, *dsa = NULL, *ec = NULL, *pkcs12 = NULL;
8390
9083
tls_pkey_t *k = NULL;
8391
9084
8392
9085
/* Find any TLS*CertificateKeyFile directives. If they aren't present,
8402
9095
dsa = find_config(s->conf, CONF_PARAM, "TLSDSACertificateFile", FALSE);
8403
9096
}
8404
9097
9098
ec = find_config(s->conf, CONF_PARAM, "TLSECCertificateKeyFile", FALSE);
9099
if (ec == NULL) {
9100
ec = find_config(s->conf, CONF_PARAM, "TLSECCertificateFile", FALSE);
9101
}
9102
8405
9103
pkcs12 = find_config(s->conf, CONF_PARAM, "TLSPKCS12File", FALSE);
8406
9104
8407
9105
if (rsa == NULL &&
8408
9106
dsa == NULL &&
9107
ec == NULL &&
8409
9108
pkcs12 == NULL) {
8410
9109
continue;
8411
9110
}
8421
9120
8422
9121
k->rsa_pkey = tls_get_page(PEM_BUFSIZE, &k->rsa_pkey_ptr);
8423
9122
if (k->rsa_pkey == NULL) {
8424
pr_log_pri(PR_LOG_ERR, "Out of memory!");
9123
pr_log_pri(PR_LOG_ALERT, MOD_TLS_VERSION ": Out of memory!");
8425
9124
pr_session_disconnect(&tls_module, PR_SESS_DISCONNECT_NOMEM, NULL);
8426
9125
}
8427
9126
8444
9143
8445
9144
k->dsa_pkey = tls_get_page(PEM_BUFSIZE, &k->dsa_pkey_ptr);
8446
9145
if (k->dsa_pkey == NULL) {
8447
pr_log_pri(PR_LOG_ERR, "out of memory!");
9146
pr_log_pri(PR_LOG_ALERT, MOD_TLS_VERSION ": Out of memory!");
8448
9147
pr_session_disconnect(&tls_module, PR_SESS_DISCONNECT_NOMEM, NULL);
8449
9148
}
8450
9149
8460
9159
}
8461
9160
}
8462
9161
9162
#ifdef PR_USE_OPENSSL_ECC
9163
if (ec != NULL) {
9164
snprintf(buf, sizeof(buf)-1, "EC key for the %s#%d (%s) server: ",
9165
pr_netaddr_get_ipstr(s->addr), s->ServerPort, s->ServerName);
9166
buf[sizeof(buf)-1] = '\0';
9167
9168
k->ec_pkey = tls_get_page(PEM_BUFSIZE, &k->ec_pkey_ptr);
9169
if (k->ec_pkey == NULL) {
9170
pr_log_pri(PR_LOG_ALERT, MOD_TLS_VERSION ": Out of memory!");
9171
pr_session_disconnect(&tls_module, PR_SESS_DISCONNECT_NOMEM, NULL);
9172
}
9173
9174
if (tls_get_passphrase(s, ec->argv[0], buf, k->ec_pkey,
9175
k->pkeysz, TLS_PASSPHRASE_FL_EC_KEY) < 0) {
9176
pr_log_debug(DEBUG0, MOD_TLS_VERSION
9177
": error reading EC passphrase: %s", tls_get_errors());
9178
9179
pr_log_pri(PR_LOG_ERR, MOD_TLS_VERSION ": unable to use "
9180
"EC certificate key '%s', exiting", (char *) dsa->argv[0]);
9181
pr_session_disconnect(&tls_module, PR_SESS_DISCONNECT_BY_APPLICATION,
9182
NULL);
9183
}
9184
}
9185
#endif /* PR_USE_OPENSSL_ECC */
9186
8463
9187
if (pkcs12) {
8464
9188
snprintf(buf, sizeof(buf)-1,
8465
9189
"PKCS12 password for the %s#%d (%s) server: ",
8468
9192
8469
9193
k->pkcs12_passwd = tls_get_page(PEM_BUFSIZE, &k->pkcs12_passwd_ptr);
8470
9194
if (k->pkcs12_passwd == NULL) {
8471
pr_log_pri(PR_LOG_ERR, "out of memory!");
9195
pr_log_pri(PR_LOG_ALERT, MOD_TLS_VERSION ": Out of memory!");
8472
9196
pr_session_disconnect(&tls_module, PR_SESS_DISCONNECT_NOMEM, NULL);
8473
9197
}
8474
9198
8610
9334
if ((*opts & TLS_OPT_ALLOW_PER_USER) &&
8611
9335
toplevel_auth_requires_ssl == TRUE &&
8612
9336
other_auth_requires_ssl == TRUE) {
8613
pr_log_pri(PR_LOG_ERR, MOD_TLS_VERSION ": Server %s: cannot enforce "
9337
pr_log_pri(PR_LOG_NOTICE, MOD_TLS_VERSION ": Server %s: cannot enforce "
8614
9338
"both 'TLSRequired auth' and 'TLSOptions AllowPerUser' at the "
8615
9339
"same time", s->ServerName);
8616
9340
pr_session_disconnect(&tls_module, PR_SESS_DISCONNECT_BAD_CONFIG, NULL);
8666
9390
}
8667
9391
8668
9392
if (unexpected_version_mismatch == TRUE) {
8669
pr_log_pri(PR_LOG_ERR, MOD_TLS_VERSION
9393
pr_log_pri(PR_LOG_WARNING, MOD_TLS_VERSION
8670
9394
": compiled using OpenSSL version '%s' headers, but linked to "
8671
9395
"OpenSSL version '%s' library", OPENSSL_VERSION_TEXT,
8672
9396
SSLeay_version(SSLEAY_VERSION));
8697
9421
#ifdef PR_USE_CTRLS
8698
9422
if (pr_ctrls_register(&tls_module, "tls", "query/tune mod_tls settings",
8699
9423
tls_handle_tls) < 0) {
8700
pr_log_pri(PR_LOG_INFO, MOD_TLS_VERSION
9424
pr_log_pri(PR_LOG_NOTICE, MOD_TLS_VERSION
8701
9425
": error registering 'tls' control: %s", strerror(errno));
8702
9426
8703
9427
} else {
8789
9513
tls_dsa_key_file = get_param_ptr(main_server->conf,
8790
9514
"TLSDSACertificateKeyFile", FALSE);
8791
9515
9516
tls_ec_cert_file = get_param_ptr(main_server->conf, "TLSECCertificateFile",
9517
FALSE);
9518
tls_ec_key_file = get_param_ptr(main_server->conf,
9519
"TLSECCertificateKeyFile", FALSE);
9520
8792
9521
tls_pkcs12_file = get_param_ptr(main_server->conf, "TLSPKCS12File", FALSE);
8793
9522
8794
9523
tls_rsa_cert_file = get_param_ptr(main_server->conf, "TLSRSACertificateFile",
8824
9553
#endif
8825
9554
8826
9555
tmp = get_param_ptr(main_server->conf, "TLSVerifyClient", FALSE);
8827
if (tmp!= NULL &&
9556
if (tmp != NULL &&
8828
9557
*tmp == TRUE) {
9558
tls_flags |= TLS_SESS_VERIFY_CLIENT;
9559
}
9560
9561
c = find_config(main_server->conf, CONF_PARAM, "TLSVerifyServer", FALSE);
9562
if (c != NULL) {
9563
int setting;
9564
9565
setting = *((int *) c->argv[0]);
9566
switch (setting) {
9567
case 2:
9568
tls_flags |= TLS_SESS_VERIFY_SERVER_NO_DNS;
9569
break;
9570
9571
case 1:
9572
tls_flags |= TLS_SESS_VERIFY_SERVER;
9573
break;
9574
}
9575
9576
} else {
9577
tls_flags |= TLS_SESS_VERIFY_SERVER;
9578
}
9579
9580
/* If TLSVerifyClient/Server is on, look up the verification depth. */
9581
if (tls_flags & (TLS_SESS_VERIFY_CLIENT|TLS_SESS_VERIFY_SERVER|TLS_SESS_VERIFY_SERVER_NO_DNS)) {
8829
9582
int *depth = NULL;
8830
tls_flags |= TLS_SESS_VERIFY_CLIENT;
8831
9583
8832
9584
depth = get_param_ptr(main_server->conf, "TLSVerifyDepth", FALSE);
8833
if (depth != NULL)
9585
if (depth != NULL) {
8834
9586
tls_verify_depth = *depth;
9587
}
8835
9588
}
8836
9589
8837
9590
c = find_config(main_server->conf, CONF_PARAM, "TLSRequired", FALSE);
8842
9595
}
8843
9596
8844
9597
c = find_config(main_server->conf, CONF_PARAM, "TLSTimeoutHandshake", FALSE);
8845
if (c)
9598
if (c) {
8846
9599
tls_handshake_timeout = *((unsigned int *) c->argv[0]);
9600
}
8847
9601
8848
9602
/* Open the TLSLog, if configured */
8849
9603
res = tls_openlog();
8853
9607
": notice: unable to open TLSLog: %s", strerror(errno));
8854
9608
8855
9609
} else if (res == PR_LOG_WRITABLE_DIR) {
8856
pr_log_pri(PR_LOG_NOTICE, MOD_TLS_VERSION
8857
": notice: unable to open TLSLog: parent directory is world writable");
9610
pr_log_pri(PR_LOG_WARNING, MOD_TLS_VERSION
9611
": notice: unable to open TLSLog: parent directory is world-writable");
8858
9612
8859
9613
} else if (res == PR_LOG_SYMLINK) {
8860
pr_log_pri(PR_LOG_NOTICE, MOD_TLS_VERSION
9614
pr_log_pri(PR_LOG_WARNING, MOD_TLS_VERSION
8861
9615
": notice: unable to open TLSLog: cannot log to a symbolic link");
8862
9616
}
8863
9617
}
9042
9796
pr_feat_add("CCC");
9043
9797
pr_feat_add("PBSZ");
9044
9798
pr_feat_add("PROT");
9799
pr_feat_add("SSCN");
9045
9800
9046
9801
/* Add the commands handled by this module to the HELP list. */
9047
9802
pr_help_add(C_AUTH, _("<sp> base64-data"), TRUE);
9095
9850
{ "TLSDHParamFile", set_tlsdhparamfile, NULL },
9096
9851
{ "TLSDSACertificateFile", set_tlsdsacertfile, NULL },
9097
9852
{ "TLSDSACertificateKeyFile", set_tlsdsakeyfile, NULL },
9853
{ "TLSECCertificateFile", set_tlseccertfile, NULL },
9854
{ "TLSECCertificateKeyFile", set_tlseckeyfile, NULL },
9098
9855
{ "TLSEngine", set_tlsengine, NULL },
9099
9856
{ "TLSLog", set_tlslog, NULL },
9100
9857
{ "TLSMasqueradeAddress", set_tlsmasqaddr, NULL },
9114
9871
{ "TLSVerifyClient", set_tlsverifyclient, NULL },
9115
9872
{ "TLSVerifyDepth", set_tlsverifydepth, NULL },
9116
9873
{ "TLSVerifyOrder", set_tlsverifyorder, NULL },
9874
{ "TLSVerifyServer", set_tlsverifyserver, NULL },
9117
9875
{ NULL , NULL, NULL}
9118
9876
};
9119
9877
9123
9881
{ CMD, C_CCC, G_NONE, tls_ccc, FALSE, FALSE, CL_SEC },
9124
9882
{ CMD, C_PBSZ, G_NONE, tls_pbsz, FALSE, FALSE, CL_SEC },
9125
9883
{ CMD, C_PROT, G_NONE, tls_prot, FALSE, FALSE, CL_SEC },
9884
{ CMD, "SSCN", G_NONE, tls_sscn, TRUE, FALSE, CL_SEC },
9126
9885
{ POST_CMD, C_HOST, G_NONE, tls_post_host, FALSE, FALSE, CL_SEC },
9127
9886
{ POST_CMD, C_PASS, G_NONE, tls_post_pass, FALSE, FALSE, CL_SEC },
9128
9887
{ 0, NULL }
Loggerhead is a web-based interface for Breezy
Version: 2.0.1